The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.
InfoWorld

Beyond NPM: What you need to know about JSR

Here's how the JavaScript Registry evolves makes building, sharing, and using JavaScript packages simpler and more secure ...
The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...
InfoWorld

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ‘the JavaScript ecosystem deserves better.’ ...

Malicious packages for dYdX cryptocurrency exchange empties user wallets

Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX developers and backend systems and, in some cases, backdoored devices, ...
GitHub

bradparks/nexe___make_exe_out_of_nodejs_app

Nexe is a command-line utility that compiles your Node.js application into a single executable file. Use the techniques below for working around dynamic require statements to exclude the module from ...